From 7a945bb5cedae6901927f837e03f688bef51a1e5 Mon Sep 17 00:00:00 2001
From: Daniele Rondina
Date: Mon, 6 Apr 2026 01:16:37 +0000
Subject: [PATCH] Bump net-misc/openssh-10.3_p1
---
 net-misc/openssh/Manifest | 1 +
 net-misc/openssh/openssh-10.3_p1.ebuild | 217 ++++++++++++++++++++++++
 2 files changed, 218 insertions(+)
 create mode 100644 net-misc/openssh/openssh-10.3_p1.ebuild
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index ed01923e..37b0f3c4 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,3 +1,4 @@
 DIST openssh-10.0_p2.tar.gz 1933723 BLAKE2B 534325d1f6a00ec8e16cc43db8604cc93250ac8822736c58e31eed4d13afeae52ea0e0b12c9c409530abffd2869cba25cdee3d64ec9d9fda52bf6d17d4c1b69c SHA512 ecbdd999de0aeb9d051eaac7c52789b73a7a0000c919ee6e244b414ee61aa145657fc920bcce53210eb3a5a3f735af572b0f7d325244958eaff8d9286badca7d
 DIST openssh-10.2_p1-d01efaa.tar.gz 1937120 BLAKE2B a347db50e947114b7c17a0fd36908388e7f302a209fa5f09aa69da13eb2e5f56cb3691e59dd30fa14a445d75f82abffd48b29fd9fc43a2fd04a33f8452d4ed94 SHA512 176add8834adf29c8f608cd2dda65a9549893deb5a31633f95e034887b8db460551ec26c7920218a057ee645dece8d7521aca1a056aff1a01cddd31436dfc974
+DIST openssh-10.3_p1-2d98db9.tar.gz 1970881 BLAKE2B a6e05227ac84d8d7ac5ea059115c8af70bd0f72db0b8b8fd15c818e1f474d5ce894cea79f3e35632845fcddd9e81df4ef6c29d8f9a5b59c43ff178dfc30d99d7 SHA512 7ca9ae7f81e6d4374b22a7d28b56765c7104e303763e38752705e908dcc03b1c225feb3f1e9a29e7e73fe22ceecfe91262900c75a7daa7e5f19b188d1165dab9
 DIST openssh-portable-9.9_p2-d76b267.tar.gz 1901724 BLAKE2B 95c4847383fe76a05941371f60882d5ef164fde25dedf2dced05c88c54badd65c4ed6cb4467894544fc9a410d70cb222ca60191de06511c52b8e5f3a747601f2 SHA512 f07fec84221cdba4fd1fd6da867aeabbb0754fc56047545be1deac908c4c8756e184a2fe0dfe7c53ab05bed0a9006242dc775067d7849d4012996fd6647a7e6a
diff --git a/net-misc/openssh/openssh-10.3_p1.ebuild b/net-misc/openssh/openssh-10.3_p1.ebuild
new file mode 100644
index 00000000..17a65413
--- /dev/null
+++ b/net-misc/openssh/openssh-10.3_p1.ebuild
@@ -0,0 +1,217 @@
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit user flag-o-matic multilib autotools pam systemd toolchain-funcs
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/"
+SRC_URI="https://api.github.com/repos/openssh/openssh-portable/tarball/refs/tags/V_10_3_P1 -> openssh-10.3_p1-2d98db9.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="*"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit livecd pam +pie +scp security-key sctp selinux +ssl static test X xmss"
+
+REQUIRED_USE="
+ ldns? ( ssl )
+ pie? ( !static )
+ static? ( !kerberos !pam )
+ xmss? ( ssl )
+ test? ( ssl )
+"
+LIB_DEPEND="
+ audit? ( sys-process/audit[static-libs(+)] )
+ ldns? ( net-libs/ldns[ecdsa(+),ssl(+)] )
+ libedit? ( dev-libs/libedit:=[static-libs(+)] )
+ security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
+ selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+ ssl? ( >=dev-libs/openssl-1.1.1l:0=[static-libs(+)] )
+ >=sys-libs/zlib-1.2.3:=[static-libs(+)]
+"
+RDEPEND="
+ !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+ pam? ( sys-libs/pam )
+ kerberos? ( virtual/krb5 )
+"
+DEPEND="${RDEPEND}
+ sys-kernel/linux-headers
+ static? ( ${LIB_DEPEND} )
+"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )
+ !prefix? ( sys-apps/shadow )
+ X? ( x11-apps/xauth )
+"
+BDEPEND="
+ virtual/pkgconfig
+ sys-devel/autoconf
+"
+
+post_src_unpack() {
+ mv openssh-openssh-portable-* "${S}" || die
+}
+
+src_prepare() {
+ sed -i \
+ -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+ pathnames.h || die
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
+
+ eapply_user #473004
+
+ # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
+ sed -e '/\t\tpercent \\/ d' \
+ -i regress/Makefile || die
+
+ tc-export PKG_CONFIG
+ local sed_args=(
+ -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+ # Disable fortify flags ... our gcc does this for us
+ -e 's:-D_FORTIFY_SOURCE=2::'
+ )
+
+ eautoreconf
+}
+
+src_configure() {
+ addwrite /dev/ptmx
+
+ use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+ use static && append-ldflags -static
+ use xmss && append-cflags -DWITH_XMSS
+
+ local myconf=(
+ --with-ldflags="${LDFLAGS}"
+ --disable-strip
+ --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+ --sysconfdir="${EPREFIX}"/etc/ssh
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+ --datadir="${EPREFIX}"/usr/share/openssh
+ --with-privsep-path="${EPREFIX}"/var/empty
+ --with-privsep-user=sshd
+ --with-hardening
+ --without-zlib-version-check # FL-11529
+ $(use_with audit audit linux)
+ $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+ $(use sctp && use_with sctp)
+ $(use_with ldns)
+ $(use_with libedit)
+ $(use_with pam)
+ $(use_with pie)
+ $(use_with selinux)
+ $(use_with ssl openssl)
+ $(use_with ssl ssl-engine)
+ )
+
+ if use elibc_musl; then
+ # musl defines bogus values for UTMP_FILE and WTMP_FILE
+ # https://bugs.gentoo.org/753230
+ myconf+=( --disable-utmp --disable-wtmp )
+ fi
+
+ # Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
+ # bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
+ tc-is-clang && myconf+=( --without-hardening )
+
+ econf "${myconf[@]}"
+}
+
+# Gentoo tweaks to default config files.
+tweak_ssh_configs() {
+ local locale_vars=(
+ # These are language variables that POSIX defines.
+ # http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
+ LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
+
+ # These are the GNU extensions.
+ # https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
+ LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+ )
+
+ # First the server config.
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables. #367017
+ AcceptEnv ${locale_vars[*]}
+
+ # Allow client to pass COLORTERM to match TERM. #658540
+ AcceptEnv COLORTERM
+ EOF
+
+ # Then the client config.
+ cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+ # Send locale environment variables. #367017
+ SendEnv ${locale_vars[*]}
+
+ # Send COLORTERM to match TERM. #658540
+ SendEnv COLORTERM
+ EOF
+
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${ED}"/etc/ssh/sshd_config || die
+ fi
+
+ if use livecd ; then
+ sed -i \
+ -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
+ "${ED}"/etc/ssh/sshd_config || die
+ fi
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}"
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd-r1.initd sshd
+ newconfd "${FILESDIR}"/sshd-r1.confd sshd
+
+ if use pam; then
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ fi
+
+ tweak_ssh_configs
+
+ doman contrib/ssh-copy-id.1
+ dodoc CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ rmdir "${ED}"/var/empty || die
+}
+
+pkg_preinst() {
+ if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
+ show_ssl_warning=1
+ fi
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ # OpenSSH is a critical service and restarting the daemon may be required for proper operation.
+ # This was needed with the glibc-2.33 update.
+
+ if [ -n "$( rc-service sshd status| grep started )" ]; then
+ einfo "Restarting sshd service."
+ /etc/init.d/sshd restart
+ fi
+}
+
+# vim: filetype=ebuild
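Review bot: In src_configure, `tc-is-clang && myconf+=( --without-hardening )` overrides the earlier `--with-hardening` for every Clang version, although the comment above it scopes the miscompilation to Clang 15 with -fzero-call-used-regs=all, so a network-facing daemon built with any other Clang drops configure's hardening flags without need. Gating the workaround on the affected release keeps hardening elsewhere, e.g. `tc-is-clang && [[ $(clang-major-version) -eq 15 ]] && myconf+=( --without-hardening )`, and it is worth confirming whether this OpenSSH release still needs the workaround at all. Separately, pkg_postinst restarts a running sshd without validating the merged configuration; running `sshd -t` first and replacing the restart with an `ewarn` when it fails would avoid leaving a remotely administered host without a listener. In src_prepare the `sed_args` array is filled but never passed to a sed call, so the -lcrypto and _FORTIFY_SOURCE substitutions it describes are not applied; presumably the `sed -i "${sed_args[@]}" …` invocation was dropped and should be restored before `eautoreconf`, or the array removed.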